BIT-python-min-2024-4032

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/python-min/BIT-python-min-2024-4032.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-python-min-2024-4032

Aliases

Published

2025-01-17T15:06:00.800Z

Modified

2025-01-17T17:44:02.627734Z

Summary

[none]

Details

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 contains updated information from these registries and thus have the intended behavior.

Database specific

{
    "cpes": [
        "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / python-min

Package

Name: python-min
Purl: pkg:bitnami/python-min

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.8.20

Introduced

3.9.0

Fixed

3.9.20

Introduced

3.10.0

Fixed

3.10.15

Introduced

3.11.0

Fixed

3.11.10

Introduced

3.12.0

Fixed

3.12.4